add CorsInterceptorTest (#2126)

* add simple CorsInterceptorTest * add relevant exposedHeaders to custom CorsConfiguration * use SLF4J Logger.info() instead of System.err.println(), and run the test assertions first * Add logback-classic dependency to test scope, to enable SLF4J logging within unit tests. (SLF4J defaults to NOP binding if no binding found on classpath, see also http://www.slf4j.org/codes.html#StaticLoggerBinder)
2020-10-12 16:38:31 -05:00 · 2020-10-12 16:38:31 -05:00 · a32397d993
parent e4214a4cbe
commit a32397d993
2 changed files with 89 additions and 0 deletions
--- a/hapi-fhir-server/pom.xml
+++ b/hapi-fhir-server/pom.xml
@ -78,6 +78,12 @@
 			<artifactId>spring-messaging</artifactId>
 		</dependency>

+		<dependency>
+			<groupId>ch.qos.logback</groupId>
+			<artifactId>logback-classic</artifactId>
+			<scope>test</scope>
+		</dependency>
+
 	</dependencies>

 	<build>
--- a/hapi-fhir-server/src/test/java/ca/uhn/fhir/rest/server/interceptor/CorsInterceptorTest.java
+++ b/hapi-fhir-server/src/test/java/ca/uhn/fhir/rest/server/interceptor/CorsInterceptorTest.java
@ -0,0 +1,83 @@
+package ca.uhn.fhir.rest.server.interceptor;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertSame;
+
+import java.util.Arrays;
+import org.junit.jupiter.api.Test;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.http.HttpMethod;
+import org.springframework.web.cors.CorsConfiguration;
+
+public class CorsInterceptorTest {
+
+	private static final Logger ourLog = LoggerFactory.getLogger(CorsInterceptorTest.class);
+
+	@Test
+	public void testCustomCorsConfig() {
+		CorsConfiguration corsConfiguration = new CorsConfiguration();
+		corsConfiguration.applyPermitDefaultValues();
+		corsConfiguration.setAllowedMethods(Arrays.asList(new String[] { "*" }));
+		corsConfiguration.setExposedHeaders(Arrays.asList(new String[] {
+			"Content-Location",
+			"Date",
+			"ETag",
+			"Location",
+			"X-Request-Id",
+			"X-Correlation-Id"
+		}));
+		CorsInterceptor corsInterceptor = new CorsInterceptor(corsConfiguration);
+
+		assertSame(corsConfiguration, corsInterceptor.getConfig());
+		assertNull(corsConfiguration.getAllowCredentials());
+		assertNotNull(corsConfiguration.getAllowedHeaders());
+		assertNotNull(corsConfiguration.getAllowedMethods());
+		assertNotNull(corsConfiguration.getAllowedOrigins());
+		assertNotNull(corsConfiguration.getExposedHeaders());
+		assertEquals(Long.valueOf(1800l),corsConfiguration.getMaxAge());
+		assertNotNull(corsConfiguration.checkHeaders(Arrays.asList(new String[] {"Content-Type"})));
+		assertNotNull(corsConfiguration.checkHeaders(Arrays.asList(new String[] {"Authorization"})));
+		assertNotNull(corsConfiguration.checkHeaders(Arrays.asList(new String[] {"Authorization", "Content-Type"})));
+		assertNotNull(corsConfiguration.checkHttpMethod(HttpMethod.GET));
+		assertNotNull(corsConfiguration.checkOrigin("http://clinfhir.com"));
+
+		ourLog.info("Custom CorsConfiguration:  allowCredentials = {};  allowedHeaders = {};  " +
+			"allowedMethods = {};  allowedOrigins = {};  exposedHeaders = {};  maxAge = {}",
+			corsConfiguration.getAllowCredentials(),
+			Arrays.toString(corsConfiguration.getAllowedHeaders().toArray()),
+			Arrays.toString(corsConfiguration.getAllowedMethods().toArray()),
+			Arrays.toString(corsConfiguration.getAllowedOrigins().toArray()),
+			Arrays.toString(corsConfiguration.getExposedHeaders().toArray()),
+			corsConfiguration.getMaxAge());
+	}
+
+	@Test
+	public void testDefaultCorsConfig() {
+		CorsInterceptor corsInterceptor = new CorsInterceptor();
+		CorsConfiguration corsConfiguration = corsInterceptor.getConfig();
+
+		assertNull(corsConfiguration.getAllowCredentials());
+		assertNotNull(corsConfiguration.getAllowedHeaders());
+		assertNotNull(corsConfiguration.getAllowedMethods());
+		assertNotNull(corsConfiguration.getAllowedOrigins());
+		assertNotNull(corsConfiguration.getExposedHeaders());
+		assertNull(corsConfiguration.getMaxAge());
+		assertNotNull(corsConfiguration.checkHeaders(Arrays.asList(new String[] {"Content-Type"})));
+//		assertNotNull(corsConfiguration.checkHeaders(Arrays.asList(new String[] {"Authorization"})));
+		assertNotNull(corsConfiguration.checkHeaders(Arrays.asList(new String[] {"Authorization", "Content-Type"})));
+		assertNotNull(corsConfiguration.checkHttpMethod(HttpMethod.GET));
+		assertNotNull(corsConfiguration.checkOrigin("http://clinfhir.com"));
+
+		ourLog.info("Default CorsConfiguration:  allowCredentials = {};  allowedHeaders = {};  " +
+			"allowedMethods = {};  allowedOrigins = {};  exposedHeaders = {};  maxAge = {}",
+			corsConfiguration.getAllowCredentials(),
+			Arrays.toString(corsConfiguration.getAllowedHeaders().toArray()),
+			Arrays.toString(corsConfiguration.getAllowedMethods().toArray()),
+			Arrays.toString(corsConfiguration.getAllowedOrigins().toArray()),
+			Arrays.toString(corsConfiguration.getExposedHeaders().toArray()),
+			corsConfiguration.getMaxAge());
+	}
+}